U.S. officials and experts are calling for action after a devastating cyberattack aimed at the federal government by nation state hackers, which may have exposed sensitive government data for the past several months.
“The reported breach of our Federal networks is serious and disturbing,” House Homeland Security Committee Chairman Bennie ThompsonBennie Gordon ThompsonHillicon Valley: Lawmakers call for action after ‘devastating’ cyberattack on federal government | US cyber agency issues emergency directive following hacks | FTC opens privacy study into major internet platforms Lawmakers call for action after ‘devastating’ nation state cyberattack on federal government John Katko tapped to be next ranking member of House Committee on Homeland Security MORE (D-Miss.) told The Hill in an emailed statement. “Congress must understand the scope of what happened and what resources Federal agencies will need to secure their networks.”
The cyberattack targeted Austin, Texas-based IT vendor SolarWinds. Hackers inserted a vulnerability into updates put out by the company between March and June of this year for its Orion software, according to a Monday filing with the Securities and Exchange Commission (SEC).
ADVERTISEMENT
Reuters first reported that the hackers had successfully hacked into the Treasury Department, the Department of Homeland Security, and the Commerce Department’s National Telecommunications and Information Administration (NTIA).
However, the attack was likely even more catastrophic.
According to a post on SolarWinds’ website removed Monday, the company’s customers also include all five branches of the military, the Justice and State departments, the National Security Agency, the Postal Service, and 425 of the U.S. Fortune 500 companies.
The Washington Post reported that a prolific Russian military intelligence unit known as “Cozy Bear” was behind the attack on SolarWinds. The group was previously tied to an attack on the State Department and groups doing research on COVID-19 vaccines and treatments. No federal agency had publicly confirmed that this group was responsible.
“While many details are still unknown, the attack emphasizes the importance of strong cybersecurity protections and rapid incident responses across all federal agencies,” Senate Commerce Committee Chairman Roger WickerRoger Frederick WickerHillicon Valley: Lawmakers call for action after ‘devastating’ cyberattack on federal government | US cyber agency issues emergency directive following hacks | FTC opens privacy study into major internet platforms Lawmakers call for action after ‘devastating’ nation state cyberattack on federal government FCC rejects Huawei appeal of national security threat designation MORE (R-Miss.) and Sens. John ThuneJohn Randolph ThuneTop GOP senators acknowledge Biden as president-elect after Electoral College vote Senate GOP leaders seek to put an end to election disputes Hillicon Valley: Lawmakers call for action after ‘devastating’ cyberattack on federal government | US cyber agency issues emergency directive following hacks | FTC opens privacy study into major internet platforms MORE (R-S.D.) and Jerry MoranGerald (Jerry) MoranHillicon Valley: Lawmakers call for action after ‘devastating’ cyberattack on federal government | US cyber agency issues emergency directive following hacks | FTC opens privacy study into major internet platforms Lawmakers call for action after ‘devastating’ nation state cyberattack on federal government Big banks get a big break on pending whistleblower law MORE (R-Kan.) said in a joint statement Monday following a briefing on the attack from the Commerce Department.
“Cyberattacks by nation states like Russia and China threaten our economy and national security. Our response should be swift and clear,” they added.
ADVERTISEMENT
SolarWinds noted in the SEC filing that while it had notified 33,000 customers of the potential months-long breach, it believed that only around 18,000 customers were impacted, and that the hackers had been able to gain access to company emails through exploiting Microsoft Office 365 tools.
Microsoft on Sunday night published a blog post emphasizing that it had “not identified any Microsoft product or cloud service vulnerabilities” while responding to the incident, but noted that it concurred that “this is nation-state activity at significant scale, aimed at both the government and private sector.”
The attack came less than a week after major cybersecurity group FireEye announced that it had been hacked by a nation state in a related attack.
The company wrote in a separate blog post on Sunday that based on its initial investigation into the “ongoing” attacks, it was the “work of a highly skilled actor and the operation was conducted with significant operational security.”
With the fall out ongoing, Capitol Hill on Monday pivoted its attention to the attack.
Thompson told The Hill that he had asked DHS’s Cybersecurity and Infrastructure Security Agency (CISA) to brief the House Homeland Security Committee, while the panel’s newly appointed ranking member Rep. John KatkoJohn Michael KatkoLawmakers call for action after ‘devastating’ nation state cyberattack on federal government House Republicans who didn’t sign onto the Texas lawsuit John Katko tapped to be next ranking member of House Committee on Homeland Security MORE (R-N.Y.) called for a “coordinated and cohesive national strategy” to fight these types of attacks.
House Intelligence Committee Chairman Adam SchiffAdam Bennett SchiffLawmakers call for action after ‘devastating’ nation state cyberattack on federal government Members of both parties hail Supreme Court decision Hillicon Valley: Federal agencies warn of hackers targeting online K-12 classes | California seeks to join DOJ antitrust case against Google | Senate approves defense bill establishing cyber czar position MORE (D-Calif.) summed up the attack as “devastating,” and Senate Intelligence Committee Vice Chairman Mark WarnerMark Robert WarnerLawmakers call for action after ‘devastating’ nation state cyberattack on federal government Hillicon Valley: Federal agencies warn of hackers targeting online K-12 classes | California seeks to join DOJ antitrust case against Google | Senate approves defense bill establishing cyber czar position Democrats urge Biden to address ‘infodemic’ of COVID-19 disinformation, misinformation MORE (D-Va.) said in a statement that “we should make clear that there will be consequences.”
“These recent attacks threatened national security, created unacceptable risks to Americans safety, and we need to do everything we can do to prevent them from happening in the future,” Senate Homeland Security and Governmental Affairs Committee ranking member Gary PetersGary PetersLawmakers call for action after ‘devastating’ nation state cyberattack on federal government Ransomware attacks pose 2021 challenges for Congress Why the polls weren’t as wrong as you think MORE (D-Mich.) told The Hill.
Sen. Ron WydenRonald (Ron) Lee WydenLawmakers call for action after ‘devastating’ nation state cyberattack on federal government Biden selects Katherine Tai for top trade post MSNBC’s Ruhle challenges Sanders on push for ,200 stimulus checks MORE (D-Ore.), a member of the Senate Intelligence Committee, said he was pressing the federal government for more information on the incident.
“Our country has suffered a massive national security failure that could have ramifications for years to come,” Wyden told The Hill. “I fear that the damage is more significant than is currently known.”
The federal government has already begun to take action, with Reuters reporting that the National Security Council (NSC) met in an emergency meeting on Saturday to discuss the attack.
NSC spokesperson John Ullyot said in a tweet Monday that the NSC, the FBI, CISA, and the intelligence community were working together “to coordinate a swift and effective whole-of-government recovery and response to the recent compromise.”
ADVERTISEMENT
CISA also put out an emergency directive late Sunday night ordering federal agencies to immediately disconnect from any SolarWinds systems by Monday afternoon.
But experts warned Monday that there is almost certainly more that will come to light around the incident.
Kiersten Todt, who served as executive director of former President Obama’s Commission on Enhancing National Cybersecurity, told The Hill that the “security of the nation has been compromised.”
“We have no idea what they accessed specifically and for what purposes, and I believe it’s just the tip of the iceberg in terms of who, what, and when has been breached,” said Todt, who currently serves as managing director of the Cyber Readiness Institute.
Theresa Payton, the White House chief information officer during the George W. Bush administration, said the attack was particularly bad after a year in which IT professionals have been pushed to their limit by Americans moving online, and as federal agencies begin the transition process between presidential administrations.
“On a scale of one to ten, my gut tells me we are approaching a nine,” Payton, who currently serves as CEO of the cyber consultancy group Fortalice Solutions, said of the overall attack.
ADVERTISEMENT
The incident came to light as the U.S. faces a vacuum of cybersecurity leadership after top CISA officials were forced out by the Trump administration. The U.S. is also without a central cybersecurity leader as lawmakers and Trump clash on the issue of reestablishing a White House cyber czar following the elimination of the position in 2018.
Todt pointed to the firing of former CISA Director Christopher Krebs by President TrumpDonald TrumpHogan on Republicans who won’t accept election result: ‘They are out of runway’ Biden rips Trump’s refusal to concede after Electoral College vote Top GOP senators acknowledge Biden as president-elect after Electoral College vote MORE, and the departure of three other top officials, as “not helpful,” and both Todt and Payton called on President-elect Joe BidenJoe BidenHogan on Republicans who won’t accept election result: ‘They are out of runway’ Biden rips Trump’s refusal to concede after Electoral College vote Senate GOP warns Biden against picking Sally Yates as attorney general MORE to bolster cybersecurity once in office.
As foreign hackers continue to step up their game, Schiff also called on Biden to illustrate to Russia, China, and Iran the consequences of carrying out a major cyberattack on the nation.
“For too long, cyber-attacks have been seen as relatively cost-free for the perpetrators; that needs to change,” Schiff said.